I cannot make the FTP server work behind NAT. My nft firewall:

table ip filter {
        chain input {
                type filter hook input priority 0;
                ct state established,related accept
                iif lo accept
                counter drop
        }
        chain forward {
                type filter hook forward priority 0;
        }
        chain output {
                type filter hook output priority 0;
        }
}
table ip nat {
        chain prerouting {
                type filter hook prerouting priority 0; policy accept;
        }
        chain postrouting {
                type filter hook postrouting priority 100; policy accept;
        }
}

nft add rule nat postrouting ip saddr 10.0.0.0/8 oif eth0 snat 79.x.x.x
nft add rule nat prerouting iif eth0 tcp dport { 80, 22 } dnat 10.0.0.10

HELPER and FORWARDING are enabled in kernel (1).

The web server is working well, but FTP, after a successful login, fails at data transfer (passive mode).

nftables v0.8.5 (Joe Btfsplk), kernel ver: 4.16.13-300.fc28.x86_64

FTP server: vsftp on Linux or FileZilla on Windows.

With the same rule on iptables, both work well.

Best regards.